You are on page 1of 5

International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056

Volume: 04 Issue: 07 | July -2017 p-ISSN: 2395-0072

Enabling Secure Data Sharing Scheme in the Cloud Storage Groups

C.Pavani1, S.Vasundra2

1M.Tech, CSE Department, JNTUCEA, Ananthapuramu, AP, India.

2Professor, CSE Department, JNTUCEA, Ananthapuramu, AP, India.
Abstract--In cloud computing, cloud service providers distribution in secure way such that group manager
offer an abstraction of infinite storage space for clients to provides private keys to the users. The scheme can
host the data. It helps clients to reduce economic overhead achieve ne-grained access control. It provides the
of data management by moving the local management security against collusion attack by using group
system into cloud servers. However, security concern signature which provides secure user revocation.
becomes the main constraint. To preserve data Collusion attack means decryption of data by revoked
confidentiality, there is an approach to encrypt data files user using his secret key and get secrete file by conspire
before the client upload the encrypted data into the cloud with the cloud. Secure user revocation means the
which is challenging task in active groups in the cloud. revoked users cannot get the original data le even if
This paper proposes an Identity based ring signature for they conspire with the untrusted cloud. The scheme can
data sharing in the cloud storage groups. This system aims achieve ne efciency, which means previous users need
at offering forward security to massive amount of data not to update their private keys when either a new user
sharing in the cloud. It also provides the authenticity and joins in the group or a user is revoked from the group.
anonymity of the end users. The method can achieve Secure and efficient methods are needed to ensure
secure key distribution, fine-grained access control, anti- integrity and privacy of data stored at the cloud [2].
collusion attack and secure user revocation.
Group signature [3] allows members of a specified group
Keywords: Access control, privacy-preserving, key to sign message on behalf of the entire group that is
distribution, cloud computing, identity based ring without revealing their individual identities. Group
signature. signature has two properties 1) anonymity 2)
traceability. Anonymity means that, it does not revel
1. INTRODUCTION which specific group members form the signature. As in
any privacy preserving applications, anonymity of the
Now-a-days the internet has to support different users is maintained as much as possible, but still need to
technologies. One of the mainly popular technology is be sure that there is a mechanism in place for
cloud computing. Cloud computing atmosphere provides misbehaving members of group to get caught. The group
the massive storages facility to the client. Now a days, signature identifies the misbehaving users can be easily
cloud computing is a technology to allow the user revealed with help of traceability property. But there are
accessing the data which stored in remote server. It can some security applications in which its disagreeable for
be easily and quickly accessible through the internet a signer identity to be revealed. It is violating the
which has been pay per use on demand service. Cloud anonymity property of group signature. To overcome
computing mainly used for business and organization this drawback, this paper proposes the Identity Based
and provide the huge amount of space for data sharing at Ring Signature [4]. This system aims at offering forward
low cost. Clouds are provided by many cloud computing security to massive scale data sharing in the cloud.
service providers like Amazon, Drop box, Google app Ring signature for data sharing inside the cloud provides
engine etc. Cloud provides one of the most essential secure data sharing using identity based ring signature
services is data storage. within the group. It additionally provides the
authenticity and anonymity of the end users. The
Data sharing between two members or group of proposed system avoids costly certificate keys for
members take several issues into account. They are verification as in the conventional public key
efficiency, data integrity and privacy of data owner. infrastructure setting which is a bottleneck. In Identity
Providing the privacy and the integrity are the most based ring signature, Leakage of secret key of any user
challenging tasks for dynamic groups. doesnt make all preceding generated signatures invalid.
The assets is especially important to any huge amount of
The existing system provides a secure data sharing data sharing system, as it is impossible to ask all data
scheme for dynamic members [1]. Without using Secure owners to re-authenticate their data even if a secret key
Communication channels, this method uses key of one single user has been revealed.

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2491
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 07 | July -2017 p-ISSN: 2395-0072

The remaining of the paper is organized as follows. 3. PROPOSED METHOD

In the section 2, related works are discussed. The
proposed system is presented in detail in section 3 In order to achieve better security by providing fine
followed by results in section 4. Finally the conclusion is grained access control and reducing key generation
made in section 5. overhead, Identity Based Ring Signature proposed. Ring
signature is group oriented signature with privacy
2. RELATED WORK concerns [10]. It is one of the digital signatures. This
method provides the authenticity and anonymity of the
Liu et al. [5] proposed a secure multi-owner data sharing end user. As opposed to conventional approaches
scheme, named Mona. This scheme can attain fine- Identity based ring signature doesnt allow certificate
grained access control and revoke users will not be able verification. Identity based ring signature combines the
to access the sharing data again once they are revoked. identity based cryptosystem and ring signature.
However, the scheme will easily suffer from the collusion
attack by the revoked user and the cloud [6]. The The ring signature scheme consists of three algorithms:
revoked user can use his personal key to decrypt the KeyGen, Sign and Verify. Each user will run KeyGen
encrypted data and get the secret data after his individually in this algorithm, on input the security
revocation through conspiring with the cloud. In the parameter 1k, will output a key pair (pk, sk). The Sign
phase of document access, the revoked user sends his algorithm, on input takes a secret key sk, a ring R
request to the cloud, and then the cloud responds the contains list of public keys belonging to members of ring,
corresponding encrypted records file. After that, the a signature and a message m, the output is a signature
revoked user can compute the decryption key with the on m. Finally, the Verify algorithm, on input takes the
help of the attack algorithm. At last, this attack can cause ring R, a signature , and a message m, then the output is
the revoked users getting the sharing data and disclosing 1 if some member of R created the signature on m and
other secrets of legitimate members. otherwise the output is 0.

Zhou et al. [7] proposed a secure access control scheme Framework

on encrypted data in cloud storage space by invoking
role-based encryption technique. This method can An ID-based ring signature scheme consists of the
achieve well-organized user revocation that combines following four algorithms: Setup, KeyGen, Sign, and
role-based access control policies with encryption to Verify.
secure huge data storage space in the cloud.
Unfortunately, the verifications between entities are not Setup: Taking a unary input string 1k where k is a
afraid. The method easily suffers from attacks, for security parameter, it produces the master secret key s
example, collusion attack. At last, this attack can direct to and the common public parameters params, which
disclosing sensitive data files. include a description of a nite signature space and a
description of a nite message space.
Zou et al. [8] proposed a realistic and flexible key
management system for trustworthy collaborative KeyGen: It returns Signers secret key SID by taking the
computing. It is designed to achieve efficient access input of the signers identity ID {0,1} and the master
control for dynamic groups. Regrettably, the secure secret key s. (The corresponding public verication key
approach for sharing the personal permanent portable QID can be computed easily by everyone.)
secret between the member and the server is not
supported and the secret key will be disclosed once the Sign: On input of a message m, a group of n users
personal permanent manageable secret is obtained by identities S{IDi}, where 1 i n, and the secret keys of
the attackers. one members SIDs, where 1 s n; it outputs an ID-
based ring signature on the message m.
Nabeel et al. [9] proposed a privacy preserve procedure
based data sharing scheme in public clouds. But, this Verify: It take input as ring signature , a message m
scheme is not secure for the reason that of the weak and the group of signers identities S{IDi}, it outputs 1 for
protection of commitment in the phase of identity token true or 0 for false, depending on whether is a valid
issuance. signature signed by a certain member in the group S{IDi}
on a message m. These algorithms must satisfy the
standard consistency constraint of ID- based ring
signature scheme, i.e. if = Sign(m,S{IDi},SIDs), and IDs
S{IDi}, we must have Verify(,S{IDi},m) = 1 and
otherwise output is 0.

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2492
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 07 | July -2017 p-ISSN: 2395-0072

A secure ID-based ring signature scheme should be check the group details, and assign group signature.
enforceability and signer-ambiguous. After successful login, Group Members signature is
verified. After successful verification, the member can
upload, download and can modify the files. Group
member must be encrypting data file before uploading to
the cloud. The Group Members account can be revoked
after he leaves the cloud by the Group Admin.

User Registration: After successful creation of cloud

setup, members want to get registered with the system
through user registration process. While registering,
members have to submit their personal details for
completion of registration process. User registered with
their information such as identity (user name, mobile no
and email-id). During registration process, user got
unique identity and access structure. This generates
secret key for the members. For registered users they
will obtain private key, that secret key is used for file
encryption and decryption.

User Authentication: The user can login successfully

only if user id and password are entered correctly. The
login is a failure if the incorrect user id or wrong
Figure 1: Architecture of cloud data Sharing Scheme password is enters by the user. This helps in preventing
unauthorized access.
The system model consists of 3 different entities: 1.The
cloud server, 2. A Group Admin (i.e., group manager) and Key Distribution: Means of distribute secret keys
3.A set of group members. through the Group Admin that is valid only if the group
members are not revoked from the group. Key can be
Cloud Server: Cloud is the huge storage of resources. updated by generating new key from an old key.
Cloud is responsible for storing all members of data and
access to the file within a group to other group members User Revocation: User revocation is the method of
based on publically offered revocation list which is removal of user from system user list which is
maintained by Group Admin. We imagine that the cloud performed by group admin. Group admin can directly
server is honest but curious. That is, the cloud server will revoke multiple users through public revocation list at
not unkindly delete or alter user data, due to the security every time without affecting any non revoked user. If the
of data auditing schemes login credentials of the specified user matches with the
details of revocation list then access denied.
Group Admin: The Group Admin is acted by the
administrator of the company. Therefore we imagine File Upload: File upload is the method of storing
that the Group Admin is fully trusted by the other specified data files into the cloud. Uploaded files remains
parties. Group Admin perform various operations such in the cloud up to the time specified while uploading the
as system parameters generation, user registration, file. Before uploading the file, file has to be encrypted
group creation, assign ring signature, generation of and compacted to ensure security and privacy of the
private key using bilinear mapping and assign to the files. Then it is encapsulated with corresponding
requested user, maintain revocation list and migrate this decryption key and time to live (TTL) value for the file
list into cloud for public use, and traceability. and send it to cloud.

Group Members: Group members are a set of registered File Download: To access the data that are store in the
users that will store their private data into the cloud cloud, group member will give request as group id, data
server and share them with others in the group. Both id. Cloud server will verify their signature, if the group
Group Admin and group member can login using their member in the same group then allow to access file.
login details. After successful login, Group Admin Group member have rights to access data, but not having
activates newly added users of the cloud by generating rights to delete or alter the data that are store in the
keys for each member using bilinear mapping and send cloud.
it to the corresponding group members. He can also
2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2493
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 07 | July -2017 p-ISSN: 2395-0072


Security Analysis

Table 1: Security performance comparison

RBAC Mona Proposed

Secure key
Access control

Secure user Figure 2: Performance of File Upload

Anti-collusion In Figure 2 shows the result for upload time. X axis
attack represents the file size Y axis represents the time. In
Data existing system method 1.5mb was uploaded in 95.1s,
confidentiality where as in proposed system method it takes 82.1s to
upload a 1.5mb file. This graph clearly shows that as
As compared with RBCA and Mona the proposed scheme compare to the existing system the performance of
can achieve secure key distribution, fine-grained access proposed system is higher.
control, protection from collusion attack, data
confidentiality and secure user revocation.

Performance Analysis

With the aid of identity based ring signature, on the basis

of the total time consumed to upload and download a file
to/from the cloud. The total time is composed of the time
from the time of submission of ask for to the cloud
server to the point of time at which the file is
uploaded/downloaded to/from the cloud.

Table 2: Comparison of Turnaround Time

File Existing Proposed

size Method method Figure 3: Performance of File Download.
(KB) Upload Down- Upload Down-
load Load In Figure 3 shows the result for download time. X axis
150 12.5 11.6 12 7.8 represents the file size Y axis represents the time. In
existing system method 1.5mb was downloaded in
500 35 40.5 33.8 32.3
122.2s, where as in proposed system method it takes
1000 80.5 85.6 77.4 50.8 51.9s to upload a 1.5mb file. This graph clearly shows
1500 95.1 122.2 82.1 51.9 that as compare to the existing system the performance
of proposed system is higher.
Table 2 shows that turnaround time for upload and
download the file. In general, the time to upload and 5. CONCLUSION
download the data increased with the increase in the file
size This table reveal that the proposed method This paper introduces Identity Based Ring Signature, to
outperforms the existing method appropriate to the provide the security for large amounts of data sharing in
absence of heavy computations and memory overhead. the cloud by using identity based ring signature. Ring
signature is group oriented signature with privacy
concerns. It is a type of digital signature. This method
provides the authenticity and anonymity of the end user.
Identity based ring signature reduces the process of
official document verification, which is a bottleneck

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2494
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 07 | July -2017 p-ISSN: 2395-0072

problem in conventional public key infrastructure.

Proposed system supports multiple users to distribute
common data across the members and each member can
involve in data dynamics.


1. Zhu, Z., & Jiang, R. (2016). A secure anti-

collusion data sharing scheme for dynamic
groups in the cloud. IEEE Transactions on
parallel and distributed systems.
2. S. Vasundra (2016) Efficient & Secure Privacy
Preserving Public Auditing Scheme for Cloud
Storage, ISSN- 2278-1323, Vol 5, Issue 9.
3. Camenisch, J., & Michels, M. (1998, October). A
group signature scheme with improved
efficiency. In Asiacrypt (Vol. 98, pp. 160-174).
4. Chow, S. S., Yiu, S. M., & Hui, L. C. (2005, June).
Efficient identity based ring signature.
In International Conference on Applied
Cryptography and Network Security (pp. 499-
512). Springer, Berlin, Heidelberg.
5. Zhu, Z., Jiang, Z., & Jiang, R. (2013, December).
The attack on mona: Secure multi-owner data
sharing for dynamic groups in the cloud.
In Information Science and Cloud Computing
Companion (ISCC-C), 2013 International
Conference on (pp. 213-218). IEEE.
6. Liu, X., Zhang, Y., Wang, B., & Yan, J. (2013).
Mona: Secure multi-owner data sharing for
dynamic groups in the cloud. ieee transactions
on parallel and distributed systems, 24(6).
7. Zhou, L., Varadharajan, V., & Hitchens, M. (2013).
Achieving secure role-based access control on
encrypted data in cloud storage. IEEE
transactions on information forensics and
security, 8(12).
8. Zou, X., Dai, Y. S., & Bertino, E. (2008, April). A
practical and flexible key management
mechanism for trusted collaborative computing.
In INFOCOM 2008. The 27th Conference on
Computer Communications. IEEE (pp. 538-546).
9. Nabeel, M., Shang, N., & Bertino, E. (2013).
Privacy preserving policy-based content sharing
in public clouds. IEEE Transactions on
Knowledge and Data Engineering, 25(11), 2602-
10. Herranz, J., & Sez, G. New identity-based ring
signature schemes. In ICICS (Vol. 4, pp. 27-39).

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2495